Apparently spied on purchases made by Kanye West & Co.
In a detailed report, the magazine describes “Wired“A shocking data leak in the area of customer data at the online mail order company Amazon. According to the report, employees have used a flawed system in recent years to see, among other things, celebrity purchases.
The data was therefore so easily accessible that even employees without the appropriate rights were able to spy on the orders. According to “Wired”, the entire purchase history was available to Amazon’s global customer service team. A former Amazon service employee, who wants to remain anonymous, told the magazine that he had seen how his colleagues had seen the shopping history of various stars such as Kanye West or actors from the “Avengers” films.
Other Amazon employees reported that many of their colleagues had searched for the order history of their ex-partners or people from their immediate vicinity. “Everyone, really everyone did it,” said a former customer service manager. The detailed report is based on various interviews with former employees and on memos and internal documents from the years 2015 to 2018. The investigations provide a deep insight into the negligent data architecture of the online giant, which resulted in completely unauthorized access to sensitive data Had customer data.
The former vice president of the Amazon team for information security also spoke to “Wired”. When he started at the company, the security systems were in a “shocking” state. Everything was “held together with tape and chewing gum,” said Gary Gagnon, who held the post in 2017.
According to “Wired”, in some cases more than 3,300 small Amazon teams work with sensitive customer data worldwide. In 2018, the roots of the company’s data risks were analyzed internally. As stated in a security memo, the teams tended to capture the data they needed, copy it, and save it elsewhere. The result: a “mostly undocumented distribution of copies of the data sets”.
This rapid and frenzied spread made it almost impossible for the information security department to get a grip on Amazon’s data. “The increasing number of copies of records combined with Amazon’s decentralized accountability and ownership model,” says the memo, burdened the security department with a Sisyphean task. In fact, the security team tried to map all of Amazon’s data back in 2016 – and was not able to do so.
The Amazon spokeswoman Jen Bemisderfer emphasized to “Wired”: “Over the years we have invested billions of dollars in building systems and processes to protect data and are constantly looking for ways to improve.” The fact that Amazon’s privacy and security issues have been fully documented and thoroughly reviewed by management underscores our commitment to these issues and shows the vigilance with which we identify, escalate, and respond to potential risks. “